c856480b493c3077ae7d06df2c79e4c3_JaffaCakes118

General

Target

c856480b493c3077ae7d06df2c79e4c3_JaffaCakes118
Size

177KB
MD5

c856480b493c3077ae7d06df2c79e4c3
SHA1

807b1ff6afd18ce769c3f062a138fcc5dc14decc
SHA256

c4297687c68d8b579dfaa52a066000eba5636cde6a6ee40d89b50c15eaaac264
SHA512

e41d676901e5fd178566e0d0594b16a6b9564eb0d9dae2cd88f8ca3057f8eb3a9f5e5a3e8108acf466536eb76f34d3b029924822effda1cfba7fc772113c51c0
SSDEEP

3072:kvPGv92txxi4bkC3aie+IaVgr7AJX1VSEIISiKnQNLAw2P9jG+qtc+cAEN761g:+SIN/bT3aiSAVSEIISfeE5jf6Vc/9N

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c856480b493c3077ae7d06df2c79e4c3_JaffaCakes118

Files

c856480b493c3077ae7d06df2c79e4c3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6203de1ef9cdf08b74bc39be7ea8c612

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHGetFolderPathW

iphlpapi

GetIpAddrTable

kernel32

VirtualQuery
TlsSetValue
HeapDestroy
InterlockedExchange
GetStdHandle
AddAtomA
GetModuleFileNameA
GetCPInfo
GetACP
SetLastError
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetSystemInfo
FreeEnvironmentStringsW
HeapCreate
HeapSize
FreeEnvironmentStringsA
TlsGetValue
TerminateProcess
TlsAlloc
GetLocaleInfoA
GetEnvironmentStrings
EnumResourceNamesW
SetHandleCount
VirtualFree
GetCurrentProcess
lstrcatW
UnhandledExceptionFilter
VirtualAlloc
WriteFile
GetFileType
GetStartupInfoA
IsBadWritePtr
QueryPerformanceCounter
GetOEMCP
GetCurrentProcessId
GetVersionExA
SetEndOfFile
TlsFree
SetUnhandledExceptionFilter

newdev

UpdateDriverForPlugAndPlayDevicesW

user32

IsWindow
EnumChildWindows
DestroyWindow
SendMessageA
GetDlgItem
CreateWindowExW
GetWindowThreadProcessId

mprapi

MprConfigServerDisconnect
MprConfigServerConnect
MprConfigGetFriendlyName

setupapi

CM_Get_Global_State
CMP_WaitNoPendingInstallEvents
SetupDiGetDeviceRegistryPropertyW
CM_Get_DevNode_Status

Sections

.text
Size: 86KB - Virtual size: 242KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6203de1ef9cdf08b74bc39be7ea8c612

Headers

File Characteristics

Imports

shell32

iphlpapi

kernel32

newdev

user32

mprapi

setupapi

Sections

.text Size: 86KB - Virtual size: 242KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 87KB - Virtual size: 86KB

.rsrc Size: 512B - Virtual size: 4KB

.text
Size: 86KB - Virtual size: 242KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 87KB - Virtual size: 86KB

.rsrc
Size: 512B - Virtual size: 4KB